WEBppliance 3.1.6 provides a security update that resolves the predictable temporary file vulnerability in Python 2.2.1.
This patch requires WEBppliance 3.1.5 for Linux to be installed on your server.
NOTE: This patch will not install on any other version of WEBppliance for Linux, other than 3.1.5.
Major Features of WEBppliance 3.1.6
This patch addresses and fixes the security vulnerability mentioned below:
- Predictable temporary file vulnerability in Python.
os._execvpe from os.py in Python 2.2.1 and earlier creates temporary files with predictable names, which could allow local users to execute arbitrary code via a symlink attack.
Advisory details for the security patch are available at the following URL:
Installation Instructions :
Download site: (be sure to download using BINARY mode)
To install the patch please follow the instructions below :
1. Download the file LS-3.1.6-1.tar.gz
2. Uncompress the file:
tar -xvzf LS-3.1.6-1.tar.gz
3. Change the current directory to the directory
where you have uncompressed the file:
4. Run the following command
# sh ./patch-install-3.1.6-1.sh
After checking that this is the LS installation for LWP 3.1.5, this
install script would upgrade the required rpms (requires root access).